An attacker could leverage this vulnerability to elevate privileges or install a malware package. Bypassing Microsoft Windows User Account Control (UAC) is another way an attacker could leverage this issue. CVE-2018-8249 has been assigned to this issue. Adobe is aware of a critical issue affecting Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) for Windows and Mac OS X. The issue is the result of a corrupt file sent through the file system and could result in a crash of the application. An attacker could leverage this vulnerability to execute code on the local system as the user running the application. Exploitation of this issue requires user interaction. Most users will close the vulnerable application upon receiving a notification of a crash. An attacker could provide feedback to the user through a Web page or email, causing the user to restart the application and allowing the attacker to exploit the issue. This issue has been assigned the Common Vulnerability and Exposure rating of CVE. A single vector, specifically the installation of a malicious DLL, could result in an attacker installing a DLL and then invoking this issue. Microsoft is aware of a limited number of reports of this issue occurring. We recommend users apply the update immediately. The resolution of this issue will be released through Windows Update.
Microsoft is aware of limited attacks using CVE-2018-8433
Microsoft is aware of limited attacks using CVE-2018-8433. The most common vector of attack is a single vector where an attacker installs a malicious DLL that then invokes this issue. This attack could install malware and elevate privileges.
Microsoft Edge CVE-2018-8245
An attacker who successfully exploited this vulnerability could then run arbitrary code in the context of the current user. This update resolves that vulnerability and is not considered a security update for other CVEs.
Microsoft Windows User Account Control
One way that an attacker could leverage this issue is by bypassing Microsoft Windows User Account Control (UAC). This can be done by exploiting a vulnerability in the way that the UAC is implemented.
=======
The CVE-2018-8249 vulnerability has been assigned to this issue and Adobe is aware of a critical issue affecting Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) for Windows and Mac OS X. The issue is the result of a corrupt file sent through the file system and could result in a crash of the application. An attacker could leverage this vulnerability to execute code on the local system as the user running the application. Exploitation of this issue requires user interaction. Most users will close the vulnerable application upon receiving a notification of a crash.
Microsoft Windows Server 2016
CVE-2018-8249: Adobe is aware of a critical issue affecting Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) for Windows and Mac OS X. The issue is the result of a corrupt file sent through the file system and could result in a crash of the application. An attacker could leverage this vulnerability to execute code on the local system as the user running the application. Exploitation of this issue requires user interaction. Most users will close the vulnerable application upon receiving a notification of a crash. An attacker could provide feedback to the user through a Web page or email, causing the user to restart the application and allowing the attacker to exploit the issue. This issue has been assigned the Common Vulnerability and Exposure rating of CVE. A single vector, specifically the installation of a malicious DLL, could result in an attacker installing a DLL and then invoking this issue. Microsoft is aware of a limited number of reports of this issue occurring...
Microsoft Office and Adobe Acrobat
Microsoft Office contains a vulnerability that could be exploited to elevate privileges and install malware on the system. Microsoft Office is installed as part of many systems, including but not limited to Windows, Linux, Unix and Mac OS X. CVE-2018-8249 has been assigned to this issue.
Timeline
Published on: 09/16/2022 18:15:00 UTC
Last modified on: 09/20/2022 17:42:00 UTC